E Rights Simply Explained
While looking through Cap’n Proto’s documentation, I was disappointed to see that only Level 1 is implemented in any language.
This article will show a hypothetical system that implements reference equality of capabilities.
- A network with identity-based destination and authenticated datagram packets. => e.g. Reticulum
- An execution context (virtual machine) with a computation model that always terminates. => e.g. eBPF
- A cryptographic signature scheme.
A blind signature scheme may be used to provide more anonymity, although that is more of a political problem.
After you finish reading this, you may see that one should not conflate serialization with message passing, and definitely not involve Java in the mix.
The example task to showcase reference equality like in E
Let it be three network destinations A, B, C.
A initiates the following:
- A sends a reference to B
- A sends a reference to C
- B relays the reference it gets to C
- C compares both references; sends the comparison result to A
How the API will be, in theory
(defn gen-signing-key [] ... [pk sk])
(defn sign [private-key public-data] ...)
(defn verify [public-key signed-data] ...)
(defn gen-msgid [] ...)
(defn self "get self destination" [] ...)
(defn send [dest id data] ...) # non-blocking
(defn send-run [dest id action] ...)
(defn wait [id] ...) # returns message data
The network node holding the destination A runs:
(def [pkA, skA] (gen-signing-key))
(def A (self))
(def B ...)
(def C ...)
(def cap-join (sign skA "public data, could be anything"))
(def rendezvous (gen-msgid))
(def response (gen-msgid))
(send-run B (gen-msgid)        # ask B to relay the capability to C
~(send ,C ,rendezvous ,cap-join))
(send-run C (gen-msgid)        # ask C to verify the relayed copy, then compare
~(do
(def cap-join2 (wait ,rendezvous))
(assert (verify ,pkA cap-join2))
(send ,A ,response (= ,cap-join cap-join2))))
(print (wait response))
Notes for the implementer
Direct communication between any two peers should be authenticated.
In an actual implementation, network destinations can be ephemeral. Ideally, a network destination cannot be looked up unless it was communicated over another secure channel. A network destination is like a capability in itself.
A capability is a signed string. There is nothing magic about it.
A delivery receipt is sent back as an ordinary message, inspired by a Go actor library.
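To make the three-node task and the note that a capability is just a signed string concrete, here is an added Go simulation (not part of the article and not the hypothetical API above). Ed25519 stands in for the signature scheme and buffered channels stand in for authenticated datagrams; both are assumptions for the sake of a runnable example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)
// Capability is just a signed string: the public data plus A's signature
// over it. There is nothing else to it; equality is equality of bytes.
type Capability struct{ Data, Sig []byte }

// Equal reports whether two capabilities are the same reference (E's ==).
func (c Capability) Equal(o Capability) bool {
	return bytes.Equal(c.Data, o.Data) && bytes.Equal(c.Sig, o.Sig)
}

// mint is what node A does: sign public data with its secret key skA.
func mint(sk ed25519.PrivateKey, data string) Capability {
	return Capability{Data: []byte(data), Sig: ed25519.Sign(sk, []byte(data))}
}

// verify is what node C does with pkA before trusting a relayed capability.
func verify(pk ed25519.PublicKey, c Capability) bool {
	return ed25519.Verify(pk, c.Data, c.Sig)
}

// RunScenario plays the three-node task. Buffered channels stand in for the
// authenticated datagrams (assumption; a real node would use the network).
func RunScenario() (bool, error) {
	pkA, skA, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return false, err }
	capJoin := mint(skA, "public data, could be anything")
	rendezvous := make(chan Capability, 1) // B relays to C
	direct := make(chan Capability, 1)     // A sends to C
	response := make(chan bool, 1)         // C answers A
	go func(fromA Capability) { rendezvous <- fromA }(capJoin) // node B
	direct <- capJoin                                          // node A
	go func() { // node C: verify the relayed copy, then compare both
		relayed, own := <-rendezvous, <-direct
		response <- verify(pkA, relayed) && relayed.Equal(own)
	}()
	return <-response, nil
}

func main() {
	same, err := RunScenario()
	fmt.Println("C reports same reference:", same, "err:", err)
}
```

A capability minted under any other key fails verify at C even when it carries the same public data, so B cannot substitute its own reference for A's.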
Comments
Many novel concepts invented in the past are composite ideas. In the E language, each “E vat” is a container for capabilities that can’t be forged outside. In the math world, a “vat” is more like the causal boundary caused by the creation of a signing key pair.
There should be more philosophy when discussing computing and information concepts.